2013-10-30

Many open-source software developers need to improve the way in which they handle vulnerability reports, according to researchers from security firm Rapid7, who recently found and reported vulnerabilities in seven popular open-source software applications.

There's a line of thought among some users that open-source software is more secure than commercial software, either because more people are looking at the source code and providing feedback, or because open-source projects can patch issues faster.

Rapid7 worked with Brandon Perry, an application security engineer and regular contributor to the Metasploit penetration testing framework, to test that theory, said Christian Kirsch, product marketing manager at Rapid7, in an interview Wednesday at the RSA Europe security conference in Amsterdam.

At the beginning of August, Perry selected seven of the most popular open-source Web applications hosted on SourceForge.net and started looking for vulnerabilities in them. Within two weeks he found security flaws in all of them, Kirsch said.
